https://www.vusec.net/projects/anc/ is the attack I'm referring to (code at https://github.com/vusec/revanc). I just wanted to start a discussion about how it's kind of weird that everybody is freaking out despite this being a known problem with ASLR. ASLR was just a bandaid in preparation for RAP, which is now available (see https://grsecurity.net/rap_announce_ret.php). Honestly, I think it's rather sad that there's not a single mention of RAP in any of the discussions I've seen. I guess it just really shows that people at places like https://news.ycombinator.com/item?id=13650611 don't really understand real security. At least there's still SOLDIERX, where you won't get any of that cargo cult security crap.
If people keep wasting their time on this old shit, grsecurity is going to be in business for a long time.